Details
-
Improvement
-
Resolution: Fixed
-
Minor
-
None
-
None
-
9223372036854775807
Description
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket
creation could have been used by local attackers to create raw sockets,
bypassing security mechanisms (bsc#1176990). - CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory
corruption or a denial of service when changing screen size
(bnc#1176235). - CVE-2020-0432: Fixed an out of bounds write due to an integer overflow
(bsc#1176721). - CVE-2020-0427: Fixed an out of bounds read due to a use after free
(bsc#1176725). - CVE-2020-0431: Fixed an out of bounds write due to a missing bounds
check (bsc#1176722). - CVE-2020-0404: Fixed a linked list corruption due to an unusual root
cause (bsc#1176423). - CVE-2020-2521: Fixed getxattr kernel panic and memory overflow
(bsc#1176381). - CVE-2020-25284: Fixed an incomplete permission checking for access to
rbd devices, which could have been leveraged by local attackers to map
or unmap rbd block devices (bsc#1176482). - CVE-2020-14385: Fixed a failure of the file system metadata validator in
XFS which could have caused an inode with a valid, user-creatable
extended attribute to be flagged as corrupt (bsc#1176137).
The following non-security bugs were fixed:
https://lists.suse.com/pipermail/sle-security-updates/2020-October/007534.html